Linux User Group and File Permissions


Introduction

From the first lab, you should know that Linux is a multi-user operating system. For example, Bob and Alex can use the same host. They share some of the host's resources but also have their own user spaces to store their files. Their files are placed on the same physical disk, and may even be in the same logical partition or directory. Because of Linux user management and permission management, different users cannot easily modify each other's files.

Next, let's start learning the basics of user management with Linux.



To Print User Information

Please open the terminal and enter the following command:

whoami
labex:project/ $ whoami
labex

The output is the user name of the user who opened the current pseudo terminal.

Create Users

The root account in Linux and UNIX systems has ultimate administrative privileges, with authority over the entire system, including the ability to perform all administrative tasks such as creating and adding users.

To make it easier to perform administrative tasks without logging in as the root user, the sudo command allows regular users to temporarily elevate their privileges, provided they meet two requirements:

  1. Users must provide their own password when using sudo.
  2. Users must be a member of the sudo user group to run commands with elevated privileges.

su, su - and sudo

  • su <user>: switches to the user <user>.
  • sudo <cmd>: runs the command <cmd> with root privileges; the current user must belong to the sudo group and enter their own password.
  • su - <user>: switches users and also changes the environment variables.

Now, we create a new user called "jack":

sudo adduser jack

The default user labex does not need to enter a password to execute sudo. In this part, follow the prompts to enter the labex password when asked. (Linux password input does not show any content.) Then you can give "jack" a password. For the remaining prompts, you can accept the default values.

This command not only adds the user to the system but also creates the home directory for the new user:

ls /home

You have created a user and can log in with the new account. Please use the following command to log in:

su -l jack

Enter the password you just set up for "jack".

If you want to log out of the current user, you can use the exit command or the shortcut Ctrl + d.

User Group

In Linux, each user has a home (a user group). A user group is a collection of users who share some resources and permissions while each also has private resources. This structure is similar to a family.

How to see the user group name?

Use groups Command

groups labex

View the group:

labex:project/ $ groups labex
labex : labex sudo ssl-cert public

As shown in the output, the word before : is the user name, and the words after : are the names of the groups that user belongs to. If you do not specify a user group when creating a new user, the command automatically creates a user group with the same name as the user.

By default, members of the sudo user group can use the sudo command to gain root privileges. The labex user can also use the sudo command. You can view the /etc/sudoers.d/labex file; we have created this file in the /etc/sudoers.d directory to give sudo permissions to the user labex:

labex:project/ $ sudo cat /etc/sudoers.d/labex
labex ALL=(ALL) NOPASSWD: ALL
Defaults:labex !requiretty

View /etc/group File

cat /etc/group | sort

The command cat reads the contents of the specified file and prints them out. | sort means that the text is sorted in dictionary order before it is output.

labex:project/ $ cat /etc/group | sort
adm:x:4:
audio:x:29:pulse
avahi:x:114:
backup:x:34:
...

If you cannot find the entry you are looking for, it doesn't matter. You can use the following command to filter out the results you do not want to see:

cat /etc/group | grep -E "labex"
labex:project/ $ cat /etc/group | grep -E "labex"
sudo:x:27:labex
ssl-cert:x:121:labex
labex:x:5000:
public:x:5002:labex
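
The following script is an added example, not part of the original lab. It lists every member of a group and the accounts that have a NOPASSWD sudo rule. The group and sudoers lines are copied from the output above; the jack entries, the passwd lines and the %sudo rule are constructed for illustration. It also handles the case visible in "labex:x:5000:", where a user belongs to a group only through the primary GID in /etc/passwd and is therefore missing from the member field of /etc/group.

```sh
#!/bin/sh
# Added example: who is in a group, and who can run sudo without a password?
tmp=$(mktemp -d) || exit 1
trap 'rm -rf "$tmp"' EXIT

# Constructed samples. Group lines are from the lab output, plus jack.
cat > "$tmp/group" <<'EOF'
sudo:x:27:labex,jack
ssl-cert:x:121:labex
labex:x:5000:
public:x:5002:labex
jack:x:5003:
EOF
# passwd fields: name:password:UID:GID:comment:home:shell (made-up values)
cat > "$tmp/passwd" <<'EOF'
labex:x:5000:5000::/home/labex:/bin/bash
jack:x:5001:5003::/home/jack:/bin/bash
EOF
cat > "$tmp/sudoers" <<'EOF'
# constructed drop-in; the next two lines match /etc/sudoers.d/labex
labex ALL=(ALL) NOPASSWD: ALL
Defaults:labex !requiretty
%sudo ALL=(ALL:ALL) ALL
EOF

# group_members GROUP GROUP_FILE PASSWD_FILE -> sorted, unique member names
group_members() {
    awk -F: -v g="$1" '
        FNR == NR {                       # first file: the group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")     # supplementary members (field 4)
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # second file: primary-GID members
    ' "$2" "$3" | sort -u
}

# nopasswd_rules SUDOERS_FILE -> subjects that have a NOPASSWD rule
nopasswd_rules() {
    awk '/^[ \t]*(#|Defaults)/ { next } /NOPASSWD:/ { print $1 }' "$1"
}

echo "sudo group:   $(group_members sudo "$tmp/group" "$tmp/passwd" | tr '\n' ' ')"
echo "labex group:  $(group_members labex "$tmp/group" "$tmp/passwd" | tr '\n' ' ')"
echo "NOPASSWD for: $(nopasswd_rules "$tmp/sudoers" | tr '\n' ' ')"
```

On a real host, pass /etc/group and /etc/passwd to group_members instead of the sample files; reading files under /etc/sudoers.d requires root.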

Add other users to the sudo user group

By default, newly created users do not have root privileges, nor are they in the sudo user group. However, you can invite them to join the sudo user group to get root privileges:

su -l jack
sudo ls

After executing the commands, it will warn that "jack" is not in the sudoers file.

labex:project/ $ su -l jack
sudo ls
Password:
jack@65d2bb692aaf42ea18bb8350:~$ sudo ls
[sudo] password for jack:
jack is not in the sudoers file. This incident will be reported.

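You can use the usermod command to add a user to a user group. Note that -G sets the user's complete list of supplementary groups; to add a group while keeping the groups the user already has, combine it with -a (usermod -aG).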

We use the LabEx user to execute the sudo command to add “jack” to the sudo user group so that it can also get root privileges using the sudo command:

exit
sudo groups jack
sudo usermod -G sudo jack
sudo groups jack

Then you switch back to “jack”, and now you can use sudo to get root privileges.

To Delete Users

Deleting a user is very easy:

sudo deluser jack --remove-home

View the result:

labex:project/ $ sudo deluser jack --remove-home
Looking for files to backup/remove ...
Removing files ...
Removing user `jack' ...
Warning: group `jack' has no more members.
Done.

To View File Permissions

We have used ls many times. We use it to list and display the files of the current directory. It can do much more than that if we give it some parameters. Now we have to use it to view the file permissions.

List files in long format:

ls -l
labex:~/ $ pwd
/home/labex
labex:~/ $ ls -l
total 0
drwxr-xr-x 2 labex labex 6 Feb 6 10:14 Code
drwxr-xr-x 2 labex labex 97 Feb 6 10:14 Desktop
drwxr-xr-x 4 labex labex 28 Sep 23 2021 golang
drwxr-xr-x 2 labex labex 6 Feb 6 10:14 project

So what do the file type, permissions, number of links, and file size in this output mean?

  • file type: For the file type, there is one thing you must keep in mind: everything in Linux is a file.
  • file permissions:
    • Read permission (r): You can read the contents of a file;
    • Write permission (w): You can edit and modify a file;
    • Execute permission (x): The file is a binary program or script that can be run.
  • number of links: The number of files linked to the inode.
  • file size: This field represents the file size.

To view the file type:

  • To use both the -A and -l parameters together:
ls -Al
  • To view the complete properties of a directory:
ls -dl <directory>
  • To show all the file sizes:
ls -AsSh
    • s displays the file size.
    • S sorts the files by file size.

If you need to know how to sort in other ways, please use the man command.

To Change the Owner of a File

You need to set the password for the user 'labex'.

passwd labex

If you've deleted the user "jack", please add it back and log in as "jack".

sudo adduser jack
su -l jack

We log in as "jack". Then create a new file named "iphonex":

touch iphonex

The file owner is jack.

Then we switch the user to "labex" with the following command:

su -l labex

You can use the following command to get the labex user's password:

env | grep PASSWORD

The environment variable PASSWORD holds the password for the labex user.

Then we can use the following commands to change the file owner to "labex":

sudo chown labex /home/jack
cd /home/jack
sudo chown labex iphonex
ll

You can see that the file owner has been changed to labex:

total 0
-rw-rw-r-- 1 labex jack 0 Sep 13 08:54 iphonex

To Modify File Permissions

If there is a document you do not want other users to read, write or execute, you need to modify the file's permissions. There are two ways:

Binary number representation

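Each file has three groups of permissions (owner, user group, others), each corresponding to an "rwx" triplet. In the numeric form, each triplet is written as one digit with r = 4, w = 2 and x = 1, so 700 means rwx for the owner and nothing for the group or others. Here we change the permissions of the file "iphonex" to "only for the owner to use".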

To demonstrate, we write some words into the file:

echo "echo 'hello labex'" > iphonex

Then modify the permissions:

chmod 700 iphonex

Now, other users are unable to read this "iphonex" file.

Addition and subtraction assignments

You can use the following command to remove read and write access for the group and others, as in the first method:

chmod go-rw iphonex
  • u, g, and o, respectively, represent the user (file owner), group, and others.
  • + and - represent adding and removing the corresponding permissions.
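
The script below is an added example, not part of the original lab. It applies both methods to a scratch file and reports the resulting mode, showing that the numeric form sets all nine bits at once while the symbolic form only clears the bits it names. The helper names mode_after and others_can_read are hypothetical, and stat -c assumes GNU coreutils.

```sh
#!/bin/sh
# Added example: compare numeric and symbolic chmod on a scratch file.

# mode_after START CHANGE -> prints the octal mode a file ends up with
# when it starts at mode START and `chmod CHANGE` is then applied.
mode_after() (
    dir=$(mktemp -d) || exit 1
    f=$dir/iphonex
    : > "$f" && chmod "$1" "$f" && chmod "$2" "$f" && stat -c '%a' "$f"
    rc=$?
    rm -rf "$dir"
    exit "$rc"
)

# others_can_read MODE -> succeeds if the last octal digit contains r (4).
others_can_read() {
    case $1 in
        *[4567]) return 0 ;;
        *)       return 1 ;;
    esac
}

# 664 is -rw-rw-r--, the mode shown for iphonex in the listing above.
echo "664 + chmod 700   -> $(mode_after 664 700)"     # absolute: owner gains x
echo "664 + chmod go-rw -> $(mode_after 664 go-rw)"   # relative: owner unchanged
echo "755 + chmod go-rw -> $(mode_after 755 go-rw)"   # x for group/others remains

for m in 664 "$(mode_after 664 700)" "$(mode_after 664 go-rw)"; do
    if others_can_read "$m"; then
        echo "$m: other users can read the file"
    else
        echo "$m: other users cannot read the file"
    fi
done
```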

Summary

Congratulations! You have completed the Linux User Group and File Permissions lab!

In this lab, you learned how to create users and groups, and how to modify file permissions. You also learned how to use the chown command to change the owner of a file, and how to use the chmod command to modify file permissions.
